DNS Vulnerabilities Taking the Spotlight
In my previous blog entry on July 9, I went on record as saying that the DNS vulnerability announced on July 8 was somewhat theoretical, as there were no incident reports of the vulnerability being exploited in the wild. And while that was indeed the case at the time of writing, the situation changed for the worse rather drastically towards the end of July, as tools designed to exploit this vulnerability were made public. Not long after that, SANS reported the first confirmed instance of DNS cache poisoning utilizing this vulnerability (on July 30). Finally, to up the ante, Dan Kaminsky stated yesterday at Black Hat 2008 in Las Vegas that this security flaw might also make other systems and services such as email, FTP and RADIUS vulnerable.
As the best way for your organization to protect itself against these threats is to update your (recursive) DNS servers with the patches issued on July 8, please make sure that the appropriate software updates have been applied to your machines.
—advertisement—
Better yet, if you would like to make sure that your DNS servers are patched up automatically whenever new DNS vulnerabilities are discovered, please take a look at Nixu Secure Name Server. At only $495 per server per year, your DNS servers will be automatically patched up, and you will also have access to our helpdesk, where qualified engineers answer your questions. This is great value for money, as our customers have recently noticed.
—advertisement—
On a somewhat lighter note, Dan Kaminsky also had a very nice illustrative aid with him at Black Hat 2008. Namely, a Finnish company called Clarified Networks had created a visualization of the pace at which DNS servers around the world were patched after this vulnerability became public. If you're interested in checking it out, the illustration is available at Clarified Networks' website.